From c71e4496a7f694b4ae31c388d4ede190ca5881af506e80198f66355c4ccada5b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 23 Sep 2014 09:58:41 +0000 Subject: [PATCH 1/2] Freecode is gone OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=86 --- iptables.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/iptables.spec b/iptables.spec index d5f8882..315cced 100644 --- a/iptables.spec +++ b/iptables.spec @@ -27,7 +27,6 @@ License: GPL-2.0 and Artistic-2.0 Group: Productivity/Networking/Security Url: http://netfilter.org/projects/iptables/ -#Freecode-URL: http://freecode.com/projects/iptables/ #Git-Web: http://git.netfilter.org/ #Git-Clone: git://git.netfilter.org/iptables #DL-URL: http://netfilter.org/projects/iptables/files/ From 4f18a580d5f6d77f281a829fb765f41c4277f70e07a48a1d3e75d94138edf2cc Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 23 Nov 2015 12:07:42 +0000 Subject: [PATCH 2/2] - Update to new snapshot v1.4.21-367-g9763347 [1.6.0~] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=87 --- iptables-1.4.21.g367.9763347.tar.xz | 3 + iptables-1.4.21.tar.bz2 | 3 - iptables-1.4.21.tar.bz2.sig | Bin 543 -> 0 bytes iptables-batch.patch | 30 ++++---- iptables.changes | 15 ++++ iptables.spec | 112 +++++++++++++++------------- 6 files changed, 95 insertions(+), 68 deletions(-) create mode 100644 iptables-1.4.21.g367.9763347.tar.xz delete mode 100644 iptables-1.4.21.tar.bz2 delete mode 100644 iptables-1.4.21.tar.bz2.sig diff --git a/iptables-1.4.21.g367.9763347.tar.xz b/iptables-1.4.21.g367.9763347.tar.xz new file mode 100644 index 0000000..085bbe0 --- /dev/null +++ b/iptables-1.4.21.g367.9763347.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:266a9080f44224b4f3cdfe0b41da2f152823746370069723d8b0586c5d42ab91 +size 314784 diff --git a/iptables-1.4.21.tar.bz2 b/iptables-1.4.21.tar.bz2 deleted file mode 100644 index dfe7c8f..0000000 
--- a/iptables-1.4.21.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 -size 547439 diff --git a/iptables-1.4.21.tar.bz2.sig b/iptables-1.4.21.tar.bz2.sig deleted file mode 100644 index 88120822352fd482ae9b5072b18b1c602977503e3d3610669107b6596e17673f..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-o!KUM$=2@s?aABnqPSj>-#5CEJUs8{kqj)Ua!U*uK{a zoI>t63@pDgDG}A)?|M(G6lHxf?2U3WB`TCxL2;DXR+B5(U6o0{GsC9Rpp_eRiQ-c> zI;~u@@|CTRwy8s#tnNUY=NLaLG2fY9Q diff --git a/iptables-batch.patch b/iptables-batch.patch index 57f0b60..24c8c7e 100644 --- a/iptables-batch.patch +++ b/iptables-batch.patch @@ -1,17 +1,16 @@ --- - iptables/Makefile.am | 10 + iptables/Makefile.am | 9 iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 477 insertions(+), 1 deletion(-) + 2 files changed, 477 insertions(+) -Index: iptables-1.4.20/iptables/Makefile.am +Index: iptables/iptables/Makefile.am =================================================================== ---- iptables-1.4.20.orig/iptables/Makefile.am -+++ iptables-1.4.20/iptables/Makefile.am -@@ -24,7 +24,15 @@ endif - xtables_multi_SOURCES += xshared.c - xtables_multi_LDADD += ../libxtables/libxtables.la -lm +--- iptables.orig/iptables/Makefile.am ++++ iptables/iptables/Makefile.am +@@ -48,7 +48,16 @@ xtables_compat_multi_SOURCES += xshared. + xtables_compat_multi_LDADD += ../libxtables/libxtables.la -lm + endif --sbin_PROGRAMS = xtables-multi +iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c +iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} +iptables_batch_LDADD = ${xtables_multi_LDADD} 
@@ -20,14 +19,15 @@ Index: iptables-1.4.20/iptables/Makefile.am +ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} +ip6tables_batch_LDADD = ${xtables_multi_LDADD} + -+sbin_PROGRAMS = xtables-multi iptables-batch ip6tables-batch - man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \ - iptables-xml.1 ip6tables.8 ip6tables-restore.8 \ - ip6tables-save.8 iptables-extensions.8 -Index: iptables-1.4.20/iptables/iptables-batch.c + sbin_PROGRAMS = xtables-multi ++sbin_PROGRAMS += iptables-batch ip6tables-batch + if ENABLE_NFTABLES + sbin_PROGRAMS += xtables-compat-multi + endif +Index: iptables/iptables/iptables-batch.c =================================================================== --- /dev/null -+++ iptables-1.4.20/iptables/iptables-batch.c ++++ iptables/iptables/iptables-batch.c @@ -0,0 +1,468 @@ +/* + * Author: Ludwig Nussel diff --git a/iptables.changes b/iptables.changes index 810b49e..81d16c1 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Mon Nov 23 11:07:15 UTC 2015 - jengelh@inai.de + +- Update to new snapshot v1.4.21-367-g9763347 [1.6.0~] +* -m ah/esp/rt: restore matching "any SPI id" by default + (they unexpectedly defaulted to --spi 0 rather than --spi ALL) +* -m cgroup: new module +* -m dst: make ! --dst-len work +* -m ipcomp: new module +* -m socket: add --restore-skmark option +* -j CT: add support for new zone options +* -j REJECT: add missing ICMPv6 codes +* -j TEE: make it possible to delete rules with -D ... -j +* -j SNAT/DNAT: add randomize-full support + ------------------------------------------------------------------- Thu Apr 24 09:54:12 UTC 2014 - dmueller@suse.com diff --git a/iptables.spec b/iptables.spec index 315cced..f1607b5 100644 --- a/iptables.spec +++ b/iptables.spec 
@@ -1,7 +1,7 @@ # # spec file for package iptables # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,10 +17,7 @@ Name: iptables -%define lname_ipq libipq0 -%define lname_iptc libiptc0 -%define lname_xt libxtables10 -Version: 1.4.21 +Version: 1.6.0~ Release: 0 Summary: IP Packet Filter Administration utilities License: GPL-2.0 and Artistic-2.0 @@ -30,8 +27,9 @@ Url: http://netfilter.org/projects/iptables/ #Git-Web: http://git.netfilter.org/ #Git-Clone: git://git.netfilter.org/iptables #DL-URL: http://netfilter.org/projects/iptables/files/ -Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 -Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig +#Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 +#Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig +Source: iptables-1.4.21.g367.9763347.tar.xz Source3: %name.keyring Patch3: iptables-batch.patch Patch4: iptables-apply-mktemp-fix.patch 
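Review bot: The `@@ -30,8 +27,9 @@` hunk comments out the upstream `Source:` URL and its `Source2:` signature and builds from `iptables-1.4.21.g367.9763347.tar.xz` instead, so nothing in the spec ties the packaged source to upstream any more. `Source3: %name.keyring` is kept but has no signature left to check. A git snapshot has no detached signature, so record its origin next to the `Source:` line, for example `# snapshot of git://git.netfilter.org/iptables at commit 9763347` plus the command used to create the archive (not shown on this page), so that a reviewer can regenerate the tarball and compare checksums. The keyring line should either be dropped or get a comment that it is unused until the next signed release.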
@@ -40,26 +38,37 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?fedora_version} || 0%{?centos_version} BuildRequires: sgml-common %endif -#git#BuildRequires: autoconf, automake >= 1.10 -BuildRequires: libtool -BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} BuildRequires: fdupes %endif -%if 0%{?suse_version} >= 1140 || 0%{?fedora_version} +#git#BuildRequires: autoconf, automake >= 1.10 +BuildRequires: bison +BuildRequires: flex >= 2.5.33 +BuildRequires: libtool +BuildRequires: pkg-config >= 0.21 +BuildRequires: xz +BuildRequires: pkgconfig(libmnl) >= 1.0 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 -%endif -%if (0%{?suse_version} && 0%{?suse_version} <= 1110) || 0%{?centos_version} || 0%{?redhat_version} -BuildRequires: libnetfilter_conntrack-devel >= 1.0.4 -BuildRequires: libnfnetlink-devel >= 1.0.0 -%endif -Requires: xtables-plugins = %version +BuildRequires: pkgconfig(libnftnl) >= 1.0.5 +Requires: xtables-plugins = %version-%release %description -iptables is used to set up, maintain, and inspect the tables of IP -packet filter rules in the Linux kernel. This version requires kernel -3.0 or newer. +iptables is used to set up, maintain, and inspect the rule tables of +the classic "ip6_tables" and "ip_tables" packet filters in the Linux +kernel. + +%package nft +Summary: NFT Packet Filter Administration utilties in the style of Xtables +Group: Productivity/Networking/Security +Requires: xtables-plugins = %version-%release +Conflicts: ebtables + +%description nft +The programs shipped in this subpackage behave like iptables on the +command line, but instead edit the rules of the NFT packet filter in +the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit +all features. %package -n xtables-plugins Summary: Match and Target Extension plugins for iptables 
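Review bot: `Conflicts: ebtables` in the new `%package nft` block has no comment saying why the two packages cannot coexist. The `%files nft` list later in this patch ships `%_sysconfdir/ethertypes`, which is presumably the reason; a line such as `# both packages ship /etc/ethertypes` (confirm against the ebtables package) would save the next maintainer the search. The Summary in the same block has a typo, `utilties`; it should read `Summary: NFT Packet Filter Administration utilities in the style of Xtables`.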
@@ -69,11 +78,11 @@ Conflicts: iptables < 1.4.18 %description -n xtables-plugins Match and Target Extension plugins for iptables. -%package -n %lname_ipq +%package -n libipq0 Summary: Library to interface with the (old) ip_queue kernel mechanism Group: System/Libraries -%description -n %lname_ipq +%description -n libipq0 The Netfilter project provides a mechanism (ip_queue) for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to @@ -85,7 +94,7 @@ ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! %package -n libipq-devel Summary: Development files for the ip_queue kernel mechanism Group: Development/Libraries/C and C++ -Requires: %lname_ipq = %version +Requires: libipq0 = %version %description -n libipq-devel The Netfilter project provides a mechanism (ip_queue) for passing 
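Review bot: `Requires: libipq0 = %version` in the `@@ -85,7 +94,7 @@` hunk still pins the library by version only, although this commit tightens the `xtables-plugins` dependency to `%version-%release`. The same applies to `Requires: libiptc0 = %version` and `Requires: libxtables11 = %version` in the later hunks. The package is now built from a git snapshot under `Version: 1.6.0~`, so if a later snapshot is packaged under the same Version, headers from one build could be installed alongside a library from another. Using `Requires: libipq0 = %version-%release` (and likewise for `libiptc0` and `libxtables11`) keeps each devel package matched to the build it came from.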
@@ -96,28 +105,28 @@ be modified in userspace prior to reinjection back into the kernel. ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! -%package -n %lname_iptc +%package -n libiptc0 Summary: Library for low-level ruleset generation and parsing Group: System/Libraries -%description -n %lname_iptc +%description -n libiptc0 libiptc ("iptables cache") is used to retrieve from the kernel, parse, construct, and load new rulesets into the kernel. %package -n libiptc-devel Summary: Development files for libiptc, a packet filter ruleset library Group: Development/Libraries/C and C++ -Requires: %lname_iptc = %version +Requires: libiptc0 = %version %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, construct, and load new rulesets into the kernel. -%package -n %lname_xt +%package -n libxtables11 Summary: iptables extension interface Group: System/Libraries -%description -n %lname_xt +%description -n libxtables11 This library contains all the iptables code shared between iptables, ip6tables, their extensions, and for external integration for e.g. iproute2's m_xt. @@ -125,7 +134,7 @@ iproute2's m_xt. %package -n libxtables-devel Summary: Libraries, Headers and Development Man Pages for iptables Group: Development/Libraries/C and C++ -Requires: %lname_xt = %version +Requires: libxtables11 = %version %description -n libxtables-devel This library contains all the iptables code shared between iptables, @@ -136,7 +145,7 @@ Link your extension (iptables plugins) with $(pkg-config xtables xtables --variable=xtlibdir). %prep -%setup -q +%setup -qn iptables %patch -P 3 -P 4 -p1 %build @@ -148,7 +157,7 @@ fi rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS -%configure --includedir="%_includedir/pkg/%name" --enable-libipq +%configure --includedir="%_includedir/%name" --enable-libipq make %{?_smp_mflags} %install 
@@ -161,12 +170,12 @@ rm -f "%buildroot/%_libdir"/*.la; %fdupes %buildroot/%_prefix %endif -%post -n %lname_ipq -p /sbin/ldconfig -%postun -n %lname_ipq -p /sbin/ldconfig -%post -n %lname_iptc -p /sbin/ldconfig -%postun -n %lname_iptc -p /sbin/ldconfig -%post -n %lname_xt -p /sbin/ldconfig -%postun -n %lname_xt -p /sbin/ldconfig +%post -n libipq0 -p /sbin/ldconfig +%postun -n libipq0 -p /sbin/ldconfig +%post -n libiptc0 -p /sbin/ldconfig +%postun -n libiptc0 -p /sbin/ldconfig +%post -n libxtables11 -p /sbin/ldconfig +%postun -n libxtables11 -p /sbin/ldconfig %files %defattr(-,root,root) @@ -185,13 +194,18 @@ rm -f "%buildroot/%_libdir"/*.la; %_sbindir/ip6tables-save %_sbindir/xtables-multi +%files nft +%defattr(-,root,root) +%_sysconfdir/ethertypes +%_sbindir/*-compat* + %files -n xtables-plugins %defattr(-,root,root) %_libdir/xtables/ %_sbindir/nfnl_osf %_datadir/xtables/ -%files -n %lname_ipq +%files -n libipq0 %defattr(-,root,root) %_libdir/libipq.so.0* @@ -199,12 +213,12 @@ rm -f "%buildroot/%_libdir"/*.la; %defattr(-,root,root) %doc %_mandir/man3/libipq* %doc %_mandir/man3/ipq* -%dir %_includedir/pkg/%name/ -%_includedir/pkg/%name/libipq* +%dir %_includedir/%name/ +%_includedir/%name/libipq* %_libdir/libipq.so %_libdir/pkgconfig/libipq.pc -%files -n %lname_iptc +%files -n libiptc0 %defattr(-,root,root) %_libdir/libiptc.so.0* %_libdir/libip4tc.so.0* 
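Review bot: The new `%files nft` list in the `@@ -185,13 +194,18 @@` hunk ships `%_sysconfdir/ethertypes` as a plain file, so a locally edited copy would be overwritten on update. Mark it `%config %_sysconfdir/ethertypes`, or `%config(noreplace) %_sysconfdir/ethertypes` if local edits should win. The `%_sbindir/*-compat*` glob also differs from the main package, which lists each binary by name: any newly built program matching the pattern is packaged without the spec changing. Listing the compat binaries explicitly would make such additions visible in review.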
@@ -212,22 +226,20 @@ rm -f "%buildroot/%_libdir"/*.la; %files -n libiptc-devel %defattr(-,root,root) -%dir %_includedir/pkg/ -%dir %_includedir/pkg/%name/ -%_includedir/pkg/%name/libiptc* +%dir %_includedir/%name/ +%_includedir/%name/libiptc* %_libdir/libip*tc.so %_libdir/pkgconfig/libip*tc.pc -%files -n %lname_xt +%files -n libxtables11 %defattr(-,root,root) -%_libdir/libxtables.so.10* +%_libdir/libxtables.so.11* %files -n libxtables-devel %defattr(-,root,root) -%dir %_includedir/pkg/ -%dir %_includedir/pkg/%name/ -%_includedir/pkg/%name/xtables.h -%_includedir/pkg/%name/xtables-version.h +%dir %_includedir/%name/ +%_includedir/%name/xtables.h +%_includedir/%name/xtables-version.h %_libdir/libxtables.so %_libdir/pkgconfig/xtables.pc